A Model-Based Methodology to
Formalize Railway Systems
Prepared by: Melissa Issad (Ecole Centrale Paris / Siemens)
Co-authors: Leila Kloul (Versailles University), Antoine Rauzy (Ecole Centrale Paris)
2014 International Symposium on Model Based Safety Assessment
1 IMBSA14’
Outline
Motivations
SCOLA: a Scenario Oriented LAnguage
Modeling CBTC systems using SCOLA
Modeling existing CBTC system specifications using SCOLA
Conclusion and future work
1. It is all about complexity!
“This century is the century of complexity, and
complexity and its associated technologies and
theories of artificial life, agent-based models,
self-organization and the science of networks
will revolutionize the way science is done”
Stephen Hawking, 2000
Motivations
Different railway transportation systems
Complex railway systems
Different functions and applications
2. V-Cycle for product development
V-Cycle in EN 50126
IN THEORY
V-cycle phases: needs analysis, system specification, system design, software development, system integration, system validation, operational qualification.
IN PRACTICE
Figure: the same phases annotated with their observed durations ("up to 5 years", "more than a year", "almost a year").
3. Limits of system modeling
Two main approaches to system modeling:
◦ Language centric: use every construct the language offers to model the system.
Result: redundant or irrelevant information.
◦ System centric: modify the modeling language to fit the system.
Result: methodologies that are not generic.
In both cases the modeling language has no formal semantics behind it!
Examples: UML, SysML, etc.
4. Formal Modeling
Figure: the formal model at the center, linked to the system specification, the safety analysis and software engineering.
Formalize the informal
Unify the system description
Link with external tools
Obtain a graphical representation
5. Scenarios
Set of multiple actions
Triggered by events
Divided into steps
Representation of the system behavior
Linked to the system requirements
Allocation of components to actions
Instead of looking at system options, we must identify system concepts, and build a formal modeling language based on these concepts that fits the behavior of the system.
Where? In the system architecture (functional view, structural view, behavioral view) and in the functional scenarios.
How? By identifying the abstract concepts of the system and their relationships.
When? At the very first steps of the system design.
SCOLA, a Scenario Oriented LAnguage
1. Metamodel of a system in SCOLA
A system consists of:
A set of components which execute functions, individually or in cooperation
A system can be seen at different abstraction levels
Metamodel (figure): a System has an Identifier (0..1) and an Abstraction Level, and is composed of Components (*) and Functions (*); a Component executes Functions (*); scenarios combine functions with Operators: precedence, parallelism, assignment, refinement, ...
2. What is a function?
A function can itself be a set of functions. It is characterized by:
an identifier
the one or two components that execute it
one of three possible types: simple, transfer or test
the data it receives and sends
Metamodel (figure): a Function has an Identifier (0..1), a Type (Simple, Transfer or Test), one or two executing Components, In/out data (*), an Abstraction level and sub-Functions (*).
3. What is a component?
A component can be a set of sub-components. It is characterized by:
an identifier
its ability to execute functions
interfaces that link it to other components
A component receives and sends information; its functions express the relationship between its inputs and outputs.
Metamodel (figure): a Component has an Identifier (0..1), executes Functions (*), owns Interfaces (*) which are joined to other components' interfaces by Connectors, and may contain sub-Components (*).
4. The operators of the language
Precedence: f1 f2 (f1 is executed before f2)
Parallelism: f1 || f2
Choice: f1 V f2
Cooperation: from C1 to C2
Assignment: by C
Refinement: Ln Ln+1 (a function at abstraction level n is refined into functions at level n+1)
Figure: the textual form of each operator (left) beside its graphical form (right).
The Communication Based Train Control system (CBTC)
Figure: the wayside CBTC with its interlockings, the radio wayside server and the radio access points (Radio AP) along the track; train A carries on-board radio and CBTC equipment, train B is not equipped.
1. The non-equipped train is detected based on the occupation of track circuits.
2. Track circuit occupancy information is transmitted to the wayside CBTC.
3. The wayside CBTC updates a track circuit occupancy map and computes the target point for train A. This target point must not be overpassed in order to guarantee anti-collision.
4. The wayside radio continuously transmits its target point to train A.
5. Train A adapts its speed according to the protection distance to be maintained.
1. Graphical Representation with SCOLA
Consider the 'Arrival at Station' scenario:
f0,1: The wayside selects the stopping point
f0,2: The wayside sends the stopping point to the train
f0,3: The train triggers the braking system
f0,4: The train informs the wayside of the doors opening
f0,5: The wayside opens the platform doors
f0,6: The wayside informs the train of the platform doors opening
f0,7: The train opens the doors
f0,8: The train informs the passengers of the next stop station
f0,9: The wayside triggers a timer at the train stop
f0,10: The train triggers the propulsion system
Modeling CBTC systems using SCOLA
Consider a function of the 'Arrival at Station' scenario:
◦ f0,3: The train triggers the braking system
It is refined at the next abstraction level into:
f1,1: The train detects that it is at the stopping point
f1,2: The train informs the driver that it is at the
stopping point
f1,3: The train triggers the braking system
f1,4: The train sends the braking information to the
driver
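The scenario above, its refinement of f0,3 and the operators listed earlier (precedence, parallelism, choice, cooperation, assignment, refinement) as a small executable model, added here as an example: the slides describe the SCOLA implementation as on-going work, so this is not the authors' code. Assumptions: the component identifiers Wayside, Train, Driver and Passengers, the type assigned to each function, the plain sequential ordering of the ten level-0 functions, and ';' as the textual precedence operator (the slides draw that operator graphically). The checks enforce the constraints the metamodel states: a function is executed by one or two components, a transfer is a cooperation between two distinct components, and a refinement of a level-n function contains only level n+1 functions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Tuple, Union

class FType(Enum):
    SIMPLE = "simple"      # executed by a single component
    TRANSFER = "transfer"  # data passed from one component to another
    TEST = "test"          # a condition checked by a single component

@dataclass(frozen=True)
class Function:
    fid: str                # "f<level>,<index>", e.g. "f0,3"
    text: str               # informal description from the specification
    ftype: FType
    comps: Tuple[str, ...]  # one or two component identifiers
    @property
    def level(self) -> int:
        return int(self.fid[1:].split(",")[0])

@dataclass(frozen=True)
class Seq:      # precedence: parts are executed one after the other
    parts: Tuple["Term", ...]

@dataclass(frozen=True)
class Par:      # parallelism: f1 || f2
    parts: Tuple["Term", ...]

@dataclass(frozen=True)
class Choice:   # choice: f1 V f2
    parts: Tuple["Term", ...]

Term = Union[Function, Seq, Par, Choice]

def leaves(term: Term) -> List[Function]:
    """Functions referenced by a term, left to right."""
    if isinstance(term, Function):
        return [term]
    return [f for p in term.parts for f in leaves(p)]

def check_function(f: Function) -> List[str]:
    """Metamodel rule: a transfer goes from one component to another; any other type is assigned to exactly one."""
    errs = []
    if f.ftype is FType.TRANSFER and len(set(f.comps)) != 2:
        errs.append(f"{f.fid}: transfer must go from one component to another")
    if f.ftype is not FType.TRANSFER and len(f.comps) != 1:
        errs.append(f"{f.fid}: {f.ftype.value} function must be assigned to exactly one component")
    return errs

def check_refinement(parent: Function, body: Term) -> List[str]:
    """Refinement Ln -> Ln+1: every sub-function sits exactly one level below its parent."""
    return [f"{g.fid}: level {g.level}, expected {parent.level + 1} under {parent.fid}"
            for g in leaves(body) if g.level != parent.level + 1]

def check_scenario(term: Term, refinements: Dict[str, Term]) -> List[str]:
    """All checks for a scenario plus the refinements declared for its functions."""
    by_id = {f.fid: f for f in leaves(term)}
    errs = [e for f in by_id.values() for e in check_function(f)]
    for fid, body in refinements.items():
        errs += [e for g in leaves(body) for e in check_function(g)]
        errs += check_refinement(by_id[fid], body)
    return errs

def to_text(term: Term) -> str:
    """Textual form; ';' for precedence is an assumption (the slides draw that operator graphically)."""
    if isinstance(term, Function):
        alloc = (f"by {term.comps[0]}" if len(term.comps) == 1
                 else f"from {term.comps[0]} to {term.comps[1]}")
        return f"{term.fid} {alloc}"
    sep = {Seq: " ; ", Par: " || ", Choice: " V "}[type(term)]
    return "(" + sep.join(to_text(p) for p in term.parts) + ")"

def expand(term: Term, refinements: Dict[str, Term]) -> Term:
    """Go one abstraction level down: replace each refined function by its body."""
    if isinstance(term, Function):
        return refinements.get(term.fid, term)
    return type(term)(tuple(expand(p, refinements) for p in term.parts))

# 'Arrival at Station' (level 0) and the refinement of f0,3 from the slides. Component
# names and function types are assumptions: the slides give only the sentences.
W, T, D, P = "Wayside", "Train", "Driver", "Passengers"
def F(fid, text, ftype, *comps): return Function(fid, text, ftype, tuple(comps))
ARRIVAL: Term = Seq((
    F("f0,1", "The wayside selects the stopping point", FType.SIMPLE, W),
    F("f0,2", "The wayside sends the stopping point to the train", FType.TRANSFER, W, T),
    F("f0,3", "The train triggers the braking system", FType.SIMPLE, T),
    F("f0,4", "The train informs the wayside of the doors opening", FType.TRANSFER, T, W),
    F("f0,5", "The wayside opens the platform doors", FType.SIMPLE, W),
    F("f0,6", "The wayside informs the train of the platform doors opening", FType.TRANSFER, W, T),
    F("f0,7", "The train opens the doors", FType.SIMPLE, T),
    F("f0,8", "The train informs the passengers of the next stop station", FType.TRANSFER, T, P),
    F("f0,9", "The wayside triggers a timer at the train stop", FType.SIMPLE, W),
    F("f0,10", "The train triggers the propulsion system", FType.SIMPLE, T),
))
REFINEMENTS: Dict[str, Term] = {"f0,3": Seq((
    F("f1,1", "The train detects that it is at the stopping point", FType.TEST, T),
    F("f1,2", "The train informs the driver that it is at the stopping point", FType.TRANSFER, T, D),
    F("f1,3", "The train triggers the braking system", FType.SIMPLE, T),
    F("f1,4", "The train sends the braking information to the driver", FType.TRANSFER, T, D),
))}
```

`check_scenario(ARRIVAL, REFINEMENTS)` returns an empty list for the scenario as written; `expand(ARRIVAL, REFINEMENTS)` yields the level-1 view in which the Driver component appears, which is the kind of "hidden" component a safety analysis at level 0 would not see. A misallocated function (a transfer with a single component, or a refinement that skips a level) is reported by identifier.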
Graphical representation of the function f0,3 (figure)
Graphical representation of the 'Arrival at Station' scenario (figure)
2. Textual representation of the scenario in SCOLA (figure)
Modeling existing CBTC system specifications using
SCOLA
1. Do we need to be experts of the system to
understand the specification?
2. What are the components of the system?
3. What is the relationship between the scenarios and
the system architecture?
4. Do we need all the scenario details for each step of
the system engineering?
Depending on what we want to do with the system model (safety analysis, system validation and verification, software development), part of the information in the specification is relevant and part of it is not.
Our solution:
Conclusion
A novel scenario-based modeling formalism
Two representations: textual and graphical
Relies on a formal semantics
Provides multiple levels of abstraction
Re-usable components
Supports the next steps of the process
Generic enough to be used for other complex systems
A stepping stone for modeling dysfunctional scenarios
On-going work
Implementation of SCOLA
Introduction of the exchanged data into the language
◦ Create inputs/outputs for each function
◦ Differentiate between safety-related data and non-safety data
Evaluation of SCOLA in the safety analysis
◦ Evaluate the matching concepts between system specifications and safety analysis
◦ Methodology to introduce the language into the existing approaches for safety analysis (on-going)
◦ Build an inductive and probabilistic approach to generate dysfunctional scenarios starting from the functional scenarios
◦ Create a benchmark for system specifications and safety analysis
References
European norm NF EN 50126, Railway Applications - Specification and demonstration of reliability, availability, maintainability and safety (RAMS), January 2000.
F. Lagrange, V. Goumy, E. Rose, G. Yelloz, J.M. Gimenez, E. Dubois Vignal, TGMT CBTC Presentation, Siemens external presentation, 2009.
T. Krueger, Modeling of a complex system using SysML in a model based design approach, in Proceedings of the ASTRA conference on Automation and Robotics, Noordwijk, The Netherlands, 2011.
C. F. Claver, G. P. Debois Felsmann, F. Delgado, P. Hascall, S. Marshall, M. Nordby, G. Schumacher, J. Sebag, The LSST: A System of Systems, American Astronomical Society, AAS Meeting #217, #252.02, Bulletin of the American Astronomical Society, Vol. 43, 2011.
J. G. Lamm and T. Weilkiens, Funktionale Architekturen in SysML, in M. Maurer and S.-O. Schulze (eds.), Tag des Systems Engineering, pp. 109-118, Carl Hanser Verlag, München, Germany, November 2010 (English translation by J. Lamm).
M. Dos Santos Soares and J. Vrancken, Requirements Specification and Modeling through SysML, in Proceedings of the IEEE International Conference on Systems, Man, and Cybernetics (SMC), pp. 1735-1740, Montreal, Canada, 2010.
D. Krob, Éléments de systémique - Architecture de systèmes, in Complexité-Simplexité, Éditions Odile Jacob, 2012.
Sanford Friedenthal, Alan Moore, Rick Steiner, A Practical Guide to SysML: The Systems Modeling Language, MK/OMG Press, 2009, ISBN 978-0-12-378607-4.